Different and to some extent conflicting interests as to how multimedia contents should be protected from unauthorized copying, exist between the content owners and providers and the consumers. On the one hand the content owners and providers naturally want protection of their copyrights while on the other the content consumers want to be allowed unrestricted and uncomplicated content use. The main aim of an authorized domain is to respect both the interests of the content owners (and/or content providers) and the content consumers, in the sense that the consumer is free to access and distribute content within the entire authorized domain, while at the same time the rights of the content owners and providers are covered by imposing strict import and export rules to prevent unlimited digital copying of the content and content distribution across domains.
The basic principle of authorized domains is to have a controlled network environment in which content can be used relatively freely as long as it does not cross the border of the authorized domain. Typically, authorized domains are centered around the home environment, also referred to as home networks. Of course, other scenarios are also possible. A user could, for example, take a portable television with him on a trip and use it in his hotel room to access content stored on his Personal Video Recorder at home. Even though the portable television is outside the home network, it is a part of the user's authorized domain.
An authorized domain can be device based, person based or a hybrid of the two. In typical device based authorized domains, the domain is formed by a specific set of devices and content items. Examples of such device-based ADs are given in international patent application WO 03/098931, international patent application WO 2005/088896 and international patent application WO 04/027588 by the same applicant, all of which are hereby incorporated by reference.
One type of device-based AD allows a set of clients bound to a domain to access content bound to that domain. This double binding assures that all the members can access the content. There is not made any distinction of the various users of the specific set of devices. A drawback of device based authorized domain systems is that they typically do not provide the typical flexibility that a user wants or need, since users are restricted to a particular and limited set of devices. In this way, a user is not allowed to exercise the rights that the user has obtained anytime and anywhere and on any device he chooses.
Another type of previous solutions is person based authorized domains as described in e.g. WO 2004/038568 by the same applicant, incorporated herein by reference, where the domain is based on persons instead of devices as was the case for device based authorized domains. In person-based authorized domains, content is coupled to persons which then are grouped into a domain. In a typical person based authorized domain access to content bound to that authorized domain is allowed by only a specific and limited set of users, but e.g. using any compliant device. Person based Authorized Domains typically offer easier domain management compared to device based authorized domains. However, person based systems require person identification every time which is seldom convenient or preferred by users.
A so-called Hybrid Authorized Domain-based DRM system ties content to a group that may contain devices and persons. Examples of hybrid AD systems can be found in international patent application WO 2005/010879 and in international patent application WO 2005/093544, both incorporated herein by reference.
International patent application serial number IB2005/053531 discloses a way to allow person based access to content in a domain in AD systems that are device based by design.
A very important functionality in authorized domains is authorized domain management determining who (persons) or what (devices) can be part of the authorized domain according to some policy and how they can have access to content items. The most common authorized domain policy is simply that the domain has a built-in fixed and unchangeable upper limit to the number of how many devices and/or persons are allowed in the domain. Although being a simple rule to implement, such a rule is far from ideal for a content consumer. For one thing it is difficult to choose a suitable limit as both parties will have to agree to this limit. Furthermore, changing the devices and/or persons in his domain becomes rather cumbersome as he will have to delete one device and/or person before being allowed to add a new one. Also, the described policy gives no possibility for the content provider to change this maximum number for instance based on a special offer etc.